Many companies that offer antivirus protection for consumers also sell endpoint protection to businesses. Sophos Home Premium gets its protective power from the company's business-level tools, including the remote management that's common for businesses. This inexpensive antivirus scores high both with independent labs and in our own tests. If you have the technical skills, you can install its protection for your friends or family and manage it remotely.

Sophos offers a free edition, which omits the most advanced features and lets you protect three computers, but even the premium edition isn't expensive. For $60 per year, you can install the product on up to 10 PCs or Macs. That's just $6 per year per device. With Bitdefender, ESET NOD32 Antivirus, Webroot, and others, you pay $39.99 per year for just one license. McAfee looks more expensive, at $59.99 per year, but that price gets you unlimited installations on every Windows, macOS, Android, and iOS device in your household.

Online Dashboard

As with the free edition, Sophos just installs a small, local client on your PC. All configuration and logging activities take place in the online dashboard. That makes a lot of sense, given this product's business origins. IT departments take care of antivirus management from a central console; they don't rely on untrained employees to do the job. If you're the go-to tech support person for your family or circle of friends, consider installing Sophos for the whole gang and managing it remotely. It's easier than driving across town to sort out the mess they've made, or trying to walk them through the process over the phone.

To install Sophos on a new device, just log into the dashboard and click Add Device. You can click to download and install on the current system or copy a link that you can send to someone else. Either way, it both installs Sophos and connects the installation to your management account.

The main screen of your dashboard displays all the devices you've protected, each with a number representing outstanding notifications. Click any device for more details and configuration options. Initially, it opens to the device's Status page, subdivided into panels for Antivirus Protection, Web Protection, Ransomware Protection, Privacy Protection, and Malicious Traffic Detection. The free edition also displays these five panels, but only the first two are active.

Features Shared With Free Edition

When you pay for the Premium edition, you get everything found in Sophos Home Free and more. Read my review of the free product for a detailed description of the features shared by both.

When reviewing antivirus utilities, I always look to the reports regularly issued by four independent testing labs, AV-Test, AV-Comparatives, SE Labs, and MRG-Effitas. Sophos earned the top certification (AAA level) from SE Labs. Of the two tests by MRG-Effitas that I track, Sophos participated in one and took the top score there too. My aggregate lab score algorithm gives Sophos 10 of 10 possible points.

A high score is good, but so is testing by many labs. Kaspersky, Avira Antivirus Pro, Symantec, and five others show up in reports from all four labs. Kaspersky's aggregate score is 9.9 points, with Avira and Norton close behind at 9.8.

In my own hands-on malware protection tests, Sophos also earned top scores. It earned 9.8 of 10 possible points in my basic detection test, a feat matched only by Windows Defender.

To test how well each antivirus defends against the very newest prevalent malware attacks, I use a list of malware-hosting URLs discovered in the last few days by researchers at MRG-Effitas. Out of 100 such URLs, Sophos blocked access to 89 percent by preventing all access to the URL. Other components, including download reputation analysis, wiped out the other 11 percent, for a perfect score—100 percent protection.

Vipre Antivirus Plus also scored 100 percent, with almost all protection happening at the URL level. McAfee's 100 percent score was more evenly divided. It blocked access to about half the URLs and wiped out the malware payload for the other half.

Phishing websites don't rely on malware to compromise your computer. Instead, they go for the weakest link—the user. If you enter your PayPal credentials on a site that's only pretending to be PayPal, you're hosed. When tested with very recent real-world phishing sites, Sophos caught 91 percent, the same score as in my last review. That's decent, but six recent products have managed 98 percent or better. McAfee and Trend Micro Antivirus+ Security managed 100 percent detection.

Parents can configure Sophos to block access to websites matching any of 28 content categories, but you shouldn't rely on it for parental control. The content filter only supports Chrome, Edge, Firefox, Internet Explorer, Safari, and Opera, so your teen (who knows more about tech than you do) need only install a less common browser such as Vivaldi. In addition, if you choose the option to warn about bad sites rather than actively block them, Sophos lets HTTPS sites pass, meaning that a smart teen could simply visit HTTPS porn sites or foil the whole system by using a secure anonymizing proxy.

As soon as the installation finishes, Sophos Home Premium launches a full scan. I approve; I always advise running a full scan after installing antivirus, to make sure you've rooted out any lurking malware. The scan finished in slightly less than the current average time. Optimization during the first scan brought a repeat scan down to eight and a half minutes.

Exploit Protection

Some malware coders spend their days analyzing and reverse-engineering operating systems and popular applications, looking for coding errors that leave holes in your security. As soon as they start exploiting those holes, the designers of the victim app or OS get busy patching, but until the patch comes out, some systems are vulnerable. In the Premium edition, Sophos aims to block these exploits directly, with special protection for common victim apps.

On the Exploits tab you find four panels: Exploit Mitigation, Protected Applications, Risk Reduction, and Preferences. The only preference initially visible in that last panel is whether Sophos offers a visual indication when it extends protection to an app. In advanced settings you can control whether it puts a glowing border around protected apps, whether the border fades out after a while, and whether it shows keyboard encryption happening in real time.

Exploit Mitigation and Risk Reduction are turned on by default, with the option to dig in for advanced settings. Those advanced settings involve things like which apps Sophos should protect, and what kind of sneaky maneuvers it should block. Just leave those settings alone; they come configured for maximum protection. Well, almost. I'd suggest opening Risk Reduction and enabling the option to stop malicious thumb drives. Doing so prevents a weird sort of attack where a specially prepared thumb drive identifies itself as a keyboard and takes control of your PC.

As noted, Exploit Mitigation aims to block attacks on security holes in protected applications. However, it doesn't peek at incoming network traffic to detect exploits as they arrive, the way Symantec Norton AntiVirus Plus does. That difference became clear when I ran my standard exploit test.

This test uses 30-odd exploits generated by the CORE Impact penetration testing tool and aimed at Windows itself and at popular apps. Sophos didn't detect exploits at the network level, but the real-time protection component blocked a third of the malicious payloads, reporting Malicious Content Detected. In a few cases it flagged the attack using its official name. The test system is fully patched, so even the two-thirds of exploits missed couldn't do any harm. Note that Norton caught 85 percent of the attacks at the network level, and Kaspersky Internet Security managed 81 percent. (Kaspersky, like most security companies, reserves exploit protection for suite products.)

The tools managed on the Exploits page are among the most complex in this product. Fortunately, you don't have to understand them in order to benefit. Just leave them alone to do their work.

Powerful Ransomware Protection

Another feature that Sophos doesn't offer for free is ransomware protection. In theory, the regular malware scan and real-time antivirus protection should prevent ransomware attacks, just as they prevent other malware infestations. However, the consequences of missing a brand-new ransomware sample are more significant and permanent than for other types of malware. Even if your antivirus gets an update that wipes out the zero-day ransomware an hour after the attack, your files are still encrypted and useless.

The post-installation scan eliminated all my ransomware samples, as expected. To simulate attacks by zero-day ransomware that evades usual protection, I turned off the real-time component and put my folder of ransomware samples back in place. After double-checking the status of ransomware protection, I started releasing real-world ransomware attacks on the virtual machine test system.

Sophos detected and eliminated all my encrypting ransomware samples, including one that attempts to encrypt the whole drive rather than just certain files. The only one it missed was a screen-locker ransomware sample, which makes sense given that it aims to detect encryption activity.

I've occasionally encountered ransomware protection systems that suffer a window of vulnerability during the boot process. Ransomware launched at boot time managed to do its dirty deeds before the ransomware protection system kicked in. I tested Sophos by configuring a real-world ransomware sample to launch at startup. It had no trouble preventing the attack.

Some wholly behavior-based ransomware detection systems kick in after the attacking process has already encrypted a few files. That wasn't the case with Sophos; I didn't find any files damaged by any of the ransomware samples. It's worth noting that Webroot SecureAnywhere AntiVirus avoids the lost file problem in an unusual way. It journals all activity by programs it can't identify as good or bad, and shares behavior information with its cloud-based analysis system. If the cloud says thumbs down, Webroot kills the program and reverses all its actions, including file encryption actions. Webroot does warn that a massive encryption attack could overrun the capacity of the journaling system.

The RanSim ransomware simulator from KnowBe4 simulates 10 different ransomware attack techniques, along with two legitimate encryption activities. Ransomware protection tools should block the 10 attacks but leave the two legitimate modules alone. Some behavior-based ransomware protection tools ignore the simulations, because they are not truly ransomware, so I don't penalize a product for a poor score in this test. Yet I can applaud a good score, like that achieved by Sophos. It prevented nine of the 10 simulated attacks, though it did also disable one of the legitimate code modules.

My testing aims to simulate a situation where the real-time protection system has missed a zero-day ransomware attack. Confronted with prevalent real-world ransomware samples, and with real-time protection active, Sophos wiped them all out. Based on my testing, it's also likely to handle those pesky zero-days.

Keystroke Encryption and Safe Banking

The Free and Premium editions both offer Web Protection, to keep browsers and other programs away from dangerous URLs, and Download Reputation analysis, to fend off downloads that aren't known malware but have a bad reputation. The Premium edition adds Safe Online Banking, which consists of Safe Browsing and Keylogger Protection.

Kaspersky, Bitdefender, and several others offer browser protection designed to isolate your financial transactions from other processes, thereby preventing data theft. With Sophos, Safe Browsing simply warns if your browser has been compromised. I assume it works; I don't have a way to compromise a browser for testing.

Keylogger Protection, on the other hand, is easy to test. I turned off other protection components, to keep Sophos from wiping out a free keylogger that I installed. I verified that the keylogger captured my keystrokes in Notepad, which isn't protected by Safe Browsing. When I typed in a browser instead, the keylogger caught only gibberish. When I tested the similar feature in G Data Antivirus, the keylogger received nothing at all from the browser. Note that G Data includes a separate component called BankGuard, which isolates the browser against other kinds of data-stealing attacks.

Modern keyloggers generally do a lot more than log keystrokes typed by the victim. The one I chose recorded URLs visited, captured everything that was copied to the clipboard, and snapped periodic screenshots. Sophos didn't protect against those actions, but real-time protection would have wiped out the keylogger before it could even load.

Webcam Spyware Protection

Many kinds of spyware aim to capture your credit cards or other kinds of personal data that malefactors can monetize. Perhaps the creepiest spyware, though, is the kind that secretly activates your webcam, spying on you, personally, when you think you're alone. Quite a few antivirus utilities now include spyware protection components to prevent this pervy peeping.

Bitdefender, Kaspersky Anti-Virus, and ESET don't get in the way of legitimate applications that need to use the webcam. However, when an unknown program tries to peek at you, they suspend its access and notify you. If it's some new video-conferencing tool you just installed, you can mark it as trusted. If not, just block its access.

Webcam Protection in Sophos is much less sophisticated. When a process accesses the webcam, it simply slides in a transient notification about that access. There's no blacklist or whitelist, and if you're not looking at the screen, you could miss the notification.

A Good Choice for the Right User

If you're enough of a techie to comprehend its range of features, Sophos Home Premium lets you install and remotely manage Sophos protection on up to 10 PCs or Macs. It earns great scores in our hands-on tests, and in tests from the independent labs that included it. In addition, it offers advanced features such as keylogger defense, ransomware protection, and exploit mitigation.

Sophos Home Premium is a good antivirus for the right user, but we've identified several Editors' Choice antivirus products that suit just about any user. Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently get excellent scores with the independent labs. McAfee AntiVirus Plus doesn't score as high, but it offers unlimited cross-platform licenses, not just for Windows and macOS but for Android and iOS as well. Finally, Webroot SecureAnywhere AntiVirus packs unique and powerful behavior-based detection in a tiny package.

Sophos Home Premium

Bottom Line: Sophos Home Premium expands on basic antivirus with protection forged in the company's Enterprise-level products. The results are excellent, though some features may be too complex for some users.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of …